package com.study.springsecurity.security;

import com.study.springsecurity.security.filter.JwtAuthenticationTokenFilter;
import com.study.springsecurity.security.provider.JwtTokenProvider;
import com.study.springsecurity.security.provider.MyProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import java.util.Arrays;


/**
 * @Author: zzy
 * @Date: 2024/10/12 16:10
 * @Title:
 * @Version:
 * @Package: com.study.springsecurity.security
 */
@Configuration
@EnableMethodSecurity(prePostEnabled = true) // 开启注解权限验证
public class WebSecurityConfig {

    // 授权管理器
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception {
        ProviderManager manager = (ProviderManager) authConfig.getAuthenticationManager();
        System.out.println(manager.getProviders());

//        ProviderManager authenticationManager = new ProviderManager(
//                Arrays.asList(jwtTokenProvider(),myProvider())
//        );
//

//        authenticationManager.setEraseCredentialsAfterAuthentication(false);
//        System.out.println(authenticationManager.getProviders());

        return authConfig.getAuthenticationManager();
    }

    @Bean
    public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter() {
        return new JwtAuthenticationTokenFilter();
    }


    @Bean
    public JwtTokenProvider jwtTokenProvider() {
        return new JwtTokenProvider();
    }

    @Bean
    public MyProvider myProvider() {
        return new MyProvider();
    }


    //加密器
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    //Spring Security过滤链
    @Bean
    public SecurityFilterChain FilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/user/test").hasAuthority("author")
                .anyRequest().authenticated()
        ).addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    @Bean
    @Order(1)
    public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http
                .securityMatcher("/user/login")
                .authorizeHttpRequests(authorize -> authorize
                        .anyRequest().permitAll()  // 允许匿名访问 /user/login
                );
        ProviderManager authenticationManager = new ProviderManager(
                Arrays.asList(jwtTokenProvider(), myProvider())
        );
        http.authenticationManager(authenticationManager);
        return http.build();
    }

}